I didn't find the email offensive.

The security issues paragraph was just sound advice, not all of the plusnet customers are technically aware as most people on here. I think it would have been wrong if they had not put that paragraph in.

If plusnet are upsetting you then you need to consider if they are the ISP for you. I'm seriously considering moving somewhere else because of the email issue

Jelv it is unlikely since PN were running @mail4.01 (according to the about section a couple of days ago). This was based on perl scripts rather than the php v5.x branch that this patch belongs to.

I think this amply demonstrates why the message needs to be repeatedly hammered home!

I think "offensive" is a bit strong, although I have to admit to raising my eyebrows slightly when I got to that bit!

Whilst I accept it was no doubt intended as a precaution for those customers who otherwise might not have known, it does seem to carry a slight implication of fault on the customer's part. If I didn't know any better (as a lot of customers won't, I'm guessing), I could be left with the impression it was somehow my set-up that's to blame.

T.

The trojan issue is mainly down to the customer. If their machines had been patched or had an updated anti-virus software they wouldn't have been affected by at least one compromise. I wonder how many machines were out of date.

In reply to:

---

The trojan issue is mainly down to the customer

---

But the e-mail entirely fails to make this distinction. In fact, it doesn't even mention an issue with any trojan. It only talks about spam, so as I say, if I didn't know any better, I might be left with the impression they are saying this is my fault. Why else would they be saying it highlights the need for me to do something?

(My machine is up to date, and I don't have any trojan, by the way, before anyone jumps in to say it IS my fault!)

T.

I fail to see what is offensive about the email. It's not really their security issue - if users had the relevenat updates/patches and up-to-date Virus Scanners installed, there would not have been a problem! Plusnet are simply pointing out what customers can do to minimise any future risks.

Week after week I get callouts to customers that have no Virus Scanner installed what-so-ever.

It's definitely sensible to drill into people's heads that they need to take security seriously and protect themselves.

But it is somewhat a case of the pot calling the kettle black when a major ISP has been caught with their pants down, distributed a trojan to customers, not told those customers for a week, and released details of potentially tens of thousands of email addresses from themselves and other ISPS to spammers.

Yes, security breaches will always happen. After all, the only totally secure computer system is one not plugged into a network, turned off, encased in concrete and dropped to the bottom of the sea (and even then someone could still break into it if they really wanted to). But many people have been pointing out flaws in PlusNet's security for years and the webmail platform is known to be old, out of date and poorly maintained.

Maybe if they'd phrased things a little differently 'Due to recent problems we've learnt how important it is to be pro-active about security and our changing our approach, maybe it's about time you do to' rather than 'yes we do everything we can and are really good about security and take our security very seriously so you should follow our excellent example'.

>It's not really their security issue

How is them being "hacked" not their security issue?

Grrr!

There are good reasons for not keeping PC's up to date with the latest Microduff patches. I have several machines on the office network that don't get updated. Because of the stupid way windows works with DLLs when you download an update it can and does break a working program. Sometimes the only fix is to roll back the patches.

And it isn't just MS updates that cause this. I downloaded the latest development system from Microchip this week. The install insisted I shut down Eudora because it needed to change DLLs Eudora was using. How carp is that? This time Eudora survived, previously it has broken at this point.

We've put together 2 brand new dual core AMD machines for CAD using XP sp2 and latest updates. Constant crashes. I'm now reinstalling XP sp2 and not allowing updates to see if that fixes the problem.